Google has informed its users directly about a security issue in Google Website Optimizer.

Google has warned the Website Optimizer users about a vulnerability in the Website Optimizer Control Script. According to the Google email, an attacker might be able to execute malicious code on a user site using a Cross-Site Scripting (XSS) attack. This attack can only take place if a website or browser has already been compromised by a separate attack.